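**The goal of Lab 1 is to filter routes using regular expressions and AS_PATH.**
An AS_Path filter uses the BGP AS_Path attribute as its match condition and filters routes based on the AS_Path list that BGP routes carry. When you do not want to receive routes from certain ASes, you can use an AS_Path filter to match routes carrying those AS numbers and reject them. An AS_Path filter can be applied to BGP routes directly, or it can be used together with a route-policy.
The usage of regular expressions is shown in the figure below:
Lab topology: ![Lab topology](https://img-blog.csdnimg.cn/direct/7fb7f5b62acd4bae902de9d4a7bbdf72.png#pic_center)
Lab procedure
R1, R2 and R3 run BGP and OSPF. R1 is in AS 100, R2 is in AS 200 and R3 is in AS 300. OSPF is run so that R1, R2 and R3 can reach one another.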
1. Configure the IP addresses first

```
[R1]dis ip in br
Interface                IP Address/Mask    Physical   Protocol
GigabitEthernet0/0/0     12.1.1.1/24        up         up
GigabitEthernet0/0/1     unassigned         down       down
GigabitEthernet0/0/2     unassigned         down       down
LoopBack0                1.1.1.1/32         up         up(s)
LoopBack10               10.1.1.1/24        up         up(s)
NULL0                    unassigned         up         up(s)

[R2]dis ip in br
Interface                IP Address/Mask    Physical   Protocol
GigabitEthernet0/0/0     12.1.1.2/24        up         up
GigabitEthernet0/0/1     23.1.1.2/24        up         up
GigabitEthernet0/0/2     unassigned         down       down
LoopBack0                2.2.2.2/32         up         up(s)
LoopBack20               20.1.1.1/24        up         up(s)
LoopBack21               21.1.1.1/24        up         up(s)
NULL0                    unassigned         up         up(s)

[R3]dis ip in br
Interface                IP Address/Mask    Physical   Protocol
GigabitEthernet0/0/0     23.1.1.3/24        up         up
GigabitEthernet0/0/1     unassigned         down       down
GigabitEthernet0/0/2     unassigned         down       down
LoopBack0                3.3.3.3/32         up         up(s)
NULL0                    unassigned         up         up(s)
```
2. Configure OSPF

```
[R1]dis c c ospf
[V200R003C00]
#
ospf 1 router-id 1.1.1.1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 12.1.1.1 0.0.0.0
#

[R2]dis c c ospf
[V200R003C00]
#
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 12.1.1.2 0.0.0.0
  network 23.1.1.2 0.0.0.0
#

[R3]dis c c ospf
[V200R003C00]
#
ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 23.1.1.3 0.0.0.0
#
```
3. Configure BGP

```
[R1]dis c c bgp
[V200R003C00]
#
bgp 100
 router-id 1.1.1.1
 undo default ipv4-unicast
 peer 12.1.1.2 as-number 200
 #
 ipv4-family unicast
  undo synchronization
  network 10.1.1.0 255.255.255.0
  network 20.1.1.0 255.255.255.0
  peer 12.1.1.2 enable
#

[R2]dis c c bgp
[V200R003C00]
#
bgp 200
 router-id 2.2.2.2
 undo default ipv4-unicast
 peer 12.1.1.1 as-number 100
 peer 23.1.1.3 as-number 300
 #
 ipv4-family unicast
  undo synchronization
  network 20.1.1.0 255.255.255.0
  network 21.1.1.0 255.255.255.0
  peer 12.1.1.1 enable
  peer 23.1.1.3 enable
#

[R3]dis c c bgp
[V200R003C00]
#
bgp 300
 router-id 3.3.3.3
 undo default ipv4-unicast
 peer 23.1.1.2 as-number 200
 #
 ipv4-family unicast
  undo synchronization
  peer 23.1.1.2 enable
#
```
4. Advertise routes on R1 and R2
Advertise the 10.1.1.0 network on R1, and the 20.1.1.0 and 21.1.1.0 networks on R2.

```
[R1]bgp 100
[R1-bgp]network 20.1.1.0 24
[R2]bgp 200
[R2-bgp]network 20.1.1.0 24
[R2-bgp]network 21.1.1.0 24
```
At this point these 3 routes appear in R3's BGP routing table, as shown below:

```
[R3-bgp]dis bgp routing-table
 BGP Local router ID is 3.3.3.3
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 Total Number of Routes: 3
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>   10.1.1.0/24        23.1.1.2                              0      200 100i
 *>   20.1.1.0/24        23.1.1.2        0                     0      200i
 *>   21.1.1.0/24        23.1.1.2        0                     0      200i
```
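Now for the actual goal of this lab: use AS_PATH to filter out the routes that come from AS100.
5. Filter the routes

```
[R3]ip as-path-filter 1 deny _100$
```

Deny routes that come from AS100 (`_100$` matches an AS_Path that ends in 100, i.e. a route originated by AS100).

```
[R3]ip as-path-filter 1 permit .*
```

Permit routes from all other AS numbers.
Next, bind the AS_Path filter under BGP:

```
[R3]bg 300
[R3-bgp]peer 23.1.1.2 as-path-filter 1 import
```

The filter is applied in the inbound direction on R3.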
Next, look at the BGP routing table again.

```
[R3-bgp]dis bg routing-table
 BGP Local router ID is 3.3.3.3
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 Total Number of Routes: 2
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>   20.1.1.0/24        23.1.1.2        0                     0      200i
 *>   21.1.1.0/24        23.1.1.2        0                     0      200i
```
The route to the 10.1.1.0 network from AS100 is now gone. Check on R2 to confirm that R2 really did send R3 the 10.1.1.0 route from AS100.

```
[R2]display bgp routing-table peer 23.1.1.3 advertised-routes
 BGP Local router ID is 2.2.2.2
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 Total Number of Routes: 3
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>   10.1.1.0/24        23.1.1.2                              0      200 100i
 *>   20.1.1.0/24        23.1.1.2        0                     0      200i
 *>   21.1.1.0/24        23.1.1.2        0                     0      200i
```
This shows that R2 did send R3 the 10.1.1.0 route from AS100, so the route was dropped by the import filter on R3.
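
The filter from step 5, evaluated in Python against the three routes R2 advertises, as an added example that is not part of the original post: `_` is expanded to the delimiters it stands for in an AS_Path regular expression, rules are checked top-down, and a path that matches no rule is denied, which is why the `permit .*` rule is needed. The AS_Paths in `PROBES` are constructed to show what `_100$` does and does not match.

```python
import re

# In an AS_Path regex, '_' stands for a delimiter: start or end of the
# string, a space, a comma, or a brace/parenthesis.
DELIM = r"(?:^|$|[ ,{}()])"


def compile_rule(pattern):
    """Translate an AS_Path filter pattern into a Python regex."""
    return re.compile(pattern.replace("_", DELIM))


def evaluate(rules, as_path):
    """Action of the first matching rule; implicit deny if nothing matches."""
    for action, pattern in rules:
        if compile_rule(pattern).search(as_path):
            return action
    return "deny"


def accepted(rules, routes):
    """Prefixes that survive the import filter."""
    return sorted(p for p, path in routes.items()
                  if evaluate(rules, path) == "permit")


# ip as-path-filter 1 deny _100$   /   ip as-path-filter 1 permit .*
FILTER_1 = [("deny", "_100$"), ("permit", ".*")]

# AS_Paths as R3 receives them from R2 (taken from the lab's routing table).
LAB_ROUTES = {"10.1.1.0/24": "200 100",
              "20.1.1.0/24": "200",
              "21.1.1.0/24": "200"}

# Constructed AS_Paths (not from the lab) probing the edges of '_100$'.
PROBES = ["100",          # originated by AS100, received directly
          "200 2100",     # AS2100 is not AS100: '_' needs a delimiter
          "200 100 300"]  # AS100 only in transit, origin is AS300

if __name__ == "__main__":
    print("accepted on R3:", accepted(FILTER_1, LAB_ROUTES))
    for path in PROBES:
        print(f"{path!r:>15} -> {evaluate(FILTER_1, path)}")
    # Without the trailing 'permit .*' every route is dropped.
    print("deny-only filter:", accepted([("deny", "_100$")], LAB_ROUTES))
```
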
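Lab 2
Route filtering with the Community attribute
The goal of Lab 2 is to filter routes using the Community attribute.
Lab procedure
R1, R2 and R3 run BGP and OSPF. R1 is in AS 100, R2 is in AS 200 and R3 is in AS 300. OSPF is run so that R1, R2 and R3 can reach one another. A community attribute is configured on R1 so that R2 does not send routes from AS100 to R3.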
1. Configure the IP addresses first

```
[R1]dis ip in br
Interface                IP Address/Mask    Physical   Protocol
GigabitEthernet0/0/0     12.1.1.1/24        up         up
GigabitEthernet0/0/1     unassigned         down       down
GigabitEthernet0/0/2     unassigned         down       down
LoopBack0                1.1.1.1/32         up         up(s)
LoopBack10               10.1.1.1/24        up         up(s)
NULL0                    unassigned         up         up(s)

[R2]dis ip in br
Interface                IP Address/Mask    Physical   Protocol
GigabitEthernet0/0/0     12.1.1.2/24        up         up
GigabitEthernet0/0/1     23.1.1.2/24        up         up
GigabitEthernet0/0/2     unassigned         down       down
LoopBack0                2.2.2.2/32         up         up(s)
LoopBack20               20.1.1.1/24        up         up(s)
LoopBack21               21.1.1.1/24        up         up(s)
NULL0                    unassigned         up         up(s)

[R3]dis ip in br
Interface                IP Address/Mask    Physical   Protocol
GigabitEthernet0/0/0     23.1.1.3/24        up         up
GigabitEthernet0/0/1     unassigned         down       down
GigabitEthernet0/0/2     unassigned         down       down
LoopBack0                3.3.3.3/32         up         up(s)
NULL0                    unassigned         up         up(s)
```
2. Configure OSPF

```
[R1]dis c c ospf
[V200R003C00]
#
ospf 1 router-id 1.1.1.1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 12.1.1.1 0.0.0.0
#

[R2]dis c c ospf
[V200R003C00]
#
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 12.1.1.2 0.0.0.0
  network 23.1.1.2 0.0.0.0
#

[R3]dis c c ospf
[V200R003C00]
#
ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 23.1.1.3 0.0.0.0
#
```
3. Configure BGP

```
[R1]dis c c bgp
[V200R003C00]
#
bgp 100
 router-id 1.1.1.1
 undo default ipv4-unicast
 peer 12.1.1.2 as-number 200
 #
 ipv4-family unicast
  undo synchronization
  network 10.1.1.0 255.255.255.0
  network 20.1.1.0 255.255.255.0
  peer 12.1.1.2 enable
#

[R2]dis c c bgp
[V200R003C00]
#
bgp 200
 router-id 2.2.2.2
 undo default ipv4-unicast
 peer 12.1.1.1 as-number 100
 peer 23.1.1.3 as-number 300
 #
 ipv4-family unicast
  undo synchronization
  network 20.1.1.0 255.255.255.0
  network 21.1.1.0 255.255.255.0
  peer 12.1.1.1 enable
  peer 23.1.1.3 enable
#

[R3]dis c c bgp
[V200R003C00]
#
bgp 300
 router-id 3.3.3.3
 undo default ipv4-unicast
 peer 23.1.1.2 as-number 200
 #
 ipv4-family unicast
  undo synchronization
  peer 23.1.1.2 enable
#
```
4. Advertise routes on R1 and R2
Advertise the 10.1.1.0 network on R1, and the 20.1.1.0 and 21.1.1.0 networks on R2.

```
[R1]bgp 100
[R1-bgp]network 20.1.1.0 24
[R2]bgp 200
[R2-bgp]network 20.1.1.0 24
[R2-bgp]network 21.1.1.0 24
```
At this point these 3 routes appear in R3's BGP routing table, as shown below:

```
[R3-bgp]dis bgp routing-table
 BGP Local router ID is 3.3.3.3
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 Total Number of Routes: 3
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>   10.1.1.0/24        23.1.1.2                              0      200 100i
 *>   20.1.1.0/24        23.1.1.2        0                     0      200i
 *>   21.1.1.0/24        23.1.1.2        0                     0      200i
```
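Now for the actual goal of this lab: use the Community attribute to stop R2 from sending the AS100 routes.
5. Configure the community attribute

```
[R1]route-policy toR2 permit node 10
[R1-route-policy]apply community no-advertise
```

Configure a route-policy that applies the community attribute; no-advertise means the route is not advertised onward.

```
[R1]bg 100
[R1-bgp]peer 12.1.1.2 advertise-community
[R1-bgp]peer 12.1.1.2 route-policy toR2 export
```

Bind the community attribute to the export (outbound) direction.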
Then check the BGP routes on R3:

```
[R3]display bg routing-table
 BGP Local router ID is 3.3.3.3
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 Total Number of Routes: 2
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>   20.1.1.0/24        23.1.1.2        0                     0      200i
 *>   21.1.1.0/24        23.1.1.2        0                     0      200i
```
There is no route to the 10.1.1.0 network.

```
[R2]display bg routing-table 10.1.1.0
 BGP local router ID : 2.2.2.2
 Local AS number : 200
 Paths: 1 available, 1 best, 1 select
 BGP routing table entry information of 10.1.1.0/24:
 From: 12.1.1.1 (1.1.1.1)
 Route Duration: 00h47m37s
 Direct Out-interface: GigabitEthernet0/0/0
 Original nexthop: 12.1.1.1
 Qos information : 0x0
 Community:no-advertise
 AS-path 100, origin igp, MED 0, pref-val 0, valid, external, best, select, acti
ve, pre 255
 Not advertised to any peer yet
```
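Looking at the detailed information for the 10.1.1.0 network on R2, the last line reads "Not advertised to any peer yet", which shows that it is R2 that did not send this route on to R3. Over~.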
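
Why step 5 needs both `apply community no-advertise` and `peer 12.1.1.2 advertise-community`, as an added Python model that is not part of the original post: the community only reaches R2 if R1 is told to send it, and R2 then applies the well-known community rules from RFC 1997 when deciding what to advertise to R3. The function names are hypothetical; because policy toR2 has no if-match clause, it tags every route R1 exports to R2.

```python
# Well-known communities defined in RFC 1997.
NO_EXPORT = 0xFFFFFF01            # do not advertise outside the AS/confederation
NO_ADVERTISE = 0xFFFFFF02         # do not advertise to any peer
NO_EXPORT_SUBCONFED = 0xFFFFFF03  # do not advertise to any external peer


def r1_export(prefixes, policy_community, advertise_community):
    """Routes R1 sends to R2. The export policy tags every route, but the
    community is only carried in the update if advertise-community is set."""
    sent = {policy_community} if advertise_community else set()
    return {prefix: set(sent) for prefix in prefixes}


def may_advertise(communities, peer_type):
    """RFC 1997 handling of well-known communities on the receiving router.
    peer_type is 'ibgp', 'confed-ebgp' or 'ebgp'."""
    if NO_ADVERTISE in communities:
        return False
    if NO_EXPORT_SUBCONFED in communities and peer_type in ("ebgp", "confed-ebgp"):
        return False
    if NO_EXPORT in communities and peer_type == "ebgp":
        return False
    return True


def r2_advertises_to_r3(received, local_prefixes, peer_type="ebgp"):
    """Prefixes R2 offers to R3: its own networks plus whatever it learned
    from R1 and is still allowed to pass on."""
    table = {prefix: set() for prefix in local_prefixes}
    table.update(received)
    return sorted(p for p, comms in table.items()
                  if may_advertise(comms, peer_type))


R1_PREFIXES = ["10.1.1.0/24"]                 # network advertised by AS100
R2_PREFIXES = ["20.1.1.0/24", "21.1.1.0/24"]  # networks advertised by AS200

if __name__ == "__main__":
    for send in (True, False):
        rx = r1_export(R1_PREFIXES, NO_ADVERTISE, advertise_community=send)
        print(f"advertise-community={send}: R3 is offered",
              r2_advertises_to_r3(rx, R2_PREFIXES))
```
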